help me with hijackthis

J

jamie

hi im jamie n i despertly need help with my hijackthis file because i
have no clue as to what i need to do to get rid of that stupid
isearch. well here it is please help me if you can...

Logfile of HijackThis v1.97.7
Scan saved at 12:30:15 PM, on 4/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EarthLink 5.0\conmgr.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\Program Files\RapidBlaster\rb32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jamie\Local Settings\Temp\Temporary
Directory 1 for hijackthis.zip\HijackThis.exe
C:\Documents and Settings\Jamie\My Documents\My Received
Files\ToolbarCop.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://K31470.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.thebestse.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.thebestse.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.thebestse.com/search.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.thebestse.com/search.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://nkvd.us/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
http://nkvd.us/
R3 - URLSearchHook: iSearch Toolbar -
{1C78AB3F-A857-482e-80C0-3A1E5238A565} -
C:\WINDOWS\System32\toolbar.dll
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} -
C:\WINDOWS\System32\toolbar.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} -
c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no
file)
O2 - BHO: OsbornTech Popup Blocker -
{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} -
C:\WINDOWS\System32\mshelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565}
- C:\WINDOWS\System32\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program
Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program
Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program
Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common
Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [RapidBlaster] C:\Program
Files\RapidBlaster\rb32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink
5.0\conmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program
Files\Winamp3\\winampa.exe"
O4 - HKLM\..\Run: [STOPzillaInstall] C:\Documents and
Settings\Jamie\Local Settings\Temporary Internet
Files\Content.IE5\AX81MX85\SZSetup[1].exe
product_install=SZProBase.msi sz_install=finish
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All
Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\systeminit.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program
Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL
Companion\companion.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date
Manager\DateManager.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common
Files\GMT\GMT.exe
O4 - Global Startup: sytem32.exe
O8 - Extra context menu item: &iSearch The Web -
res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O13 - DefaultPrefix: http://www.nkvd.us/
O13 - WWW Prefix: http://www.nkvd.us/
O13 - Home Prefix: http://www.nkvd.us/
O13 - Mosaic Prefix: http://www.nkvd.us/
O16 - DPF: Yahoo! Chess -
http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) -
http://download.online-dialer.com/MaConnect.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup
Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program
Files\Internet Explorer\ckweqosd.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) -
ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00001/chm.chm::/files/initial.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK
Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com
Operating System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX
Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {67925165-C4B6-11D2-B9C6-0000E84F59A6} (BDESmartInstaller
Class) - http://www.mtv.com/onair/all_access_2001/bde/common/bdeinsta/bdeinsta.cab
O16 - DPF: {8721F16D-CBF8-4CE5-B924-18D64E12E77E} (BDEInstallMan3
Class) - http://www.brilliantdigital.com/install/bdeinstallman4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher
Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) -
https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
http://www.live365.com/players/play365.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebiof5_3_16_0.cab
O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} -
http://216.129.173.30/xxxnaughty/activeinstaller.dll
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) -
http://www.2020search.com/toolbar/2020Search.cab
O19 - User stylesheet: C:\WINDOWS\sstyle.css
O19 - User stylesheet: C:\WINDOWS\sstyle.css (HKLM)
 
F

Flossie

jamie said:
hi im jamie n i despertly need help with my hijackthis file because i
have no clue as to what i need to do to get rid of that stupid
isearch. well here it is please help me if you can...

Logfile of HijackThis v1.97.7
Scan saved at 12:30:15 PM, on 4/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Click to expand...

Download " Ad-Aware from " www.lavasoftusa.com or " Spy Bot Search and
Destory " http://www.safer-networking.org/index.php?page=download and
install it or them . Run it and it should remove the hijack sypware file.

Problem sorted :)


Thanks

Flossie
 
G

Guest

If you would learn to read about an application before using it you would have found out that HijackThis has a free service where you can post your list to and then get a reply as to what is a BHO that needs to be removed and what is a legitimate BHO. Read the help file. That's what help is for. The same would go for XP. Help and support is the first place to look. These NG's are a last resort. {:~)
 
T

Tony Talmage

Neato... virus found to be associated with this post. Hooray for
viruses.....

--
Tony Talmage
Web Developer
Graphic Education Corporation
URL: http://www.graphiced.com
Phone: (888) 354-6600


jamie said:
hi im jamie n i despertly need help with my hijackthis file because i
have no clue as to what i need to do to get rid of that stupid
isearch. well here it is please help me if you can...

Logfile of HijackThis v1.97.7
Scan saved at 12:30:15 PM, on 4/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EarthLink 5.0\conmgr.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\Program Files\RapidBlaster\rb32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jamie\Local Settings\Temp\Temporary
Directory 1 for hijackthis.zip\HijackThis.exe
C:\Documents and Settings\Jamie\My Documents\My Received
Files\ToolbarCop.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://K31470.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.thebestse.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.thebestse.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.thebestse.com/search.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.thebestse.com/search.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://nkvd.us/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
http://nkvd.us/
R3 - URLSearchHook: iSearch Toolbar -
{1C78AB3F-A857-482e-80C0-3A1E5238A565} -
C:\WINDOWS\System32\toolbar.dll
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} -
C:\WINDOWS\System32\toolbar.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} -
c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no
file)
O2 - BHO: OsbornTech Popup Blocker -
{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} -
C:\WINDOWS\System32\mshelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565}
- C:\WINDOWS\System32\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program
Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program
Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program
Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common
Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [RapidBlaster] C:\Program
Files\RapidBlaster\rb32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink
5.0\conmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program
Files\Winamp3\\winampa.exe"
O4 - HKLM\..\Run: [STOPzillaInstall] C:\Documents and
Settings\Jamie\Local Settings\Temporary Internet
Files\Content.IE5\AX81MX85\SZSetup[1].exe
product_install=SZProBase.msi sz_install=finish
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All
Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\systeminit.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program
Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL
Companion\companion.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date
Manager\DateManager.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common
Files\GMT\GMT.exe
O4 - Global Startup: sytem32.exe
O8 - Extra context menu item: &iSearch The Web -
res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O13 - DefaultPrefix: http://www.nkvd.us/
O13 - WWW Prefix: http://www.nkvd.us/
O13 - Home Prefix: http://www.nkvd.us/
O13 - Mosaic Prefix: http://www.nkvd.us/
O16 - DPF: Yahoo! Chess -
http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) -
http://download.online-dialer.com/MaConnect.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup
Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program
Files\Internet Explorer\ckweqosd.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) -
ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00001/chm.c
hm::/files/initial.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK
Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com
Operating System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX
Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {67925165-C4B6-11D2-B9C6-0000E84F59A6} (BDESmartInstaller
Class) - http://www.mtv.com/onair/all_access_2001/bde/common/bdeinsta/bdeinsta.cab
O16 - DPF: {8721F16D-CBF8-4CE5-B924-18D64E12E77E} (BDEInstallMan3
Class) - http://www.brilliantdigital.com/install/bdeinstallman4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher
Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) -
https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
http://www.live365.com/players/play365.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebiof5_3_16_0.cab
O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} -
http://216.129.173.30/xxxnaughty/activeinstaller.dll
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) -
http://www.2020search.com/toolbar/2020Search.cab
O19 - User stylesheet: C:\WINDOWS\sstyle.css
O19 - User stylesheet: C:\WINDOWS\sstyle.css (HKLM)
Click to expand...
 
M

Mel

you are in deep do-do...take that PC to a reputable shop in your area
ASAP...DO NOT, I repeat, do not attempt to correct this on your own...
 
S

Steve Nielsen

You're supposed to send that info to the Hijackthis forum, not here.

Also, your message appears to be infected with Bloodhound.Exploit.6
When I tried to reply to your post SAV caught it and quarantined my copy
of it in a local temp location.

Steve
 
S

sgopus

Try this.

Here is how to remove isearch from IE on XP:

in regedit search for/remove the following:

!!! ALWAYS EXPORT A COPY OF YOUR REGISTRY BEFORE
ATTEMPTING CHANGES!!!

HKEY_CLASSES_ROOT\CLSID\{1C78AB3F-A857-482e-80C0-
3A1E5238A565}

HKEY_CLASSES_ROOT\CLSID\{1C78AB3F-A857-482e-80C0-
3A1E5238A565}

HKEY_CLASSES_ROOT\iSearch.Object

HKEY_CLASSES_ROOT\iSearch.Object.1

HKEY_CLASSES_ROOT\TypeLib\{6D3F5DE4-E980-4407-A10F-
9AC771ABAAE6}

HKEY_CURRENT_USER\Software\iSearch

HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\MenuExt\&iSearch The Web

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C78AB3
F-A857-482e-80C0-3A1E5238A565}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iSearch.Object

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iSearch.Object.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6D3F5
DE4-E980-4407-A10F-9AC771ABAAE6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store
Database\Distribution Units\{1C78AB3F-A857-482E-80C0-
3A1E5238A565}\DownloadInformation
http://toolbar.isearch.com/install/00010/initial.cab

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Extensions\{1AE2F26C-8E23-4930-A68D-9E681A764001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Toolbar
Click to expand...
3A1E5238A565}

HKEY_USERS\S-1-5-21-329068152-1972579041-725345543-500
\Software\iSearch

HKEY_USERS\S-1-5-21-329068152-1972579041-725345543-500
\Software\Microsoft\Internet Explorer\MenuExt\&iSearch The
Web

It seems some of the HKEY_USERS ones dissapear after
deleting the first ones.





-----Original Message-----
hi im jamie n i despertly need help with my hijackthis file because i
have no clue as to what i need to do to get rid of that stupid
isearch. well here it is please help me if you can...

Logfile of HijackThis v1.97.7
Scan saved at 12:30:15 PM, on 4/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5 \DirectCD\DirectCD.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EarthLink 5.0\conmgr.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\Program Files\RapidBlaster\rb32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jamie\Local Settings\Temp\Temporary
Directory 1 for hijackthis.zip\HijackThis.exe
C:\Documents and Settings\Jamie\My Documents\My Received
Files\ToolbarCop.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://K31470.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet
Click to expand...
Explorer\Main,Default_Page_URL =
http://www.thebestse.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.thebestse.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.thebestse.com/search.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.thebestse.com/search.shtml
R1 - HKLM\Software\Microsoft\Internet
Click to expand...
Explorer\Main,Default_Page_URL =
http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://nkvd.us/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
http://nkvd.us/
R3 - URLSearchHook: iSearch Toolbar -
{1C78AB3F-A857-482e-80C0-3A1E5238A565} -
C:\WINDOWS\System32\toolbar.dll
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0- 3A1E5238A565} -
C:\WINDOWS\System32\toolbar.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D- 73F568BCB24E} -
c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B- 00D0B743919D} - (no
file)
O2 - BHO: OsbornTech Popup Blocker -
{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} -
C:\WINDOWS\System32\mshelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E- 00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0- 3A1E5238A565}
- C:\WINDOWS\System32\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program
Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32 \DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program
Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program
Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common
Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [RapidBlaster] C:\Program
Files\RapidBlaster\rb32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink
5.0\conmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program
Files\Winamp3\\winampa.exe"
O4 - HKLM\..\Run: [STOPzillaInstall] C:\Documents and
Settings\Jamie\Local Settings\Temporary Internet
Files\Content.IE5\AX81MX85\SZSetup[1].exe
product_install=SZProBase.msi sz_install=finish
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All
Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wcmdmgr]
Click to expand...
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1 \MpfTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\systeminit.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe - cnetwait.odl
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program
Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL
Companion\companion.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date
Manager\DateManager.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common
Files\GMT\GMT.exe
O4 - Global Startup: sytem32.exe
O8 - Extra context menu item: &iSearch The Web -
res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O13 - DefaultPrefix: http://www.nkvd.us/
O13 - WWW Prefix: http://www.nkvd.us/
O13 - Home Prefix: http://www.nkvd.us/
O13 - Mosaic Prefix: http://www.nkvd.us/
O16 - DPF: Yahoo! Chess -
http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) -
http://download.online-dialer.com/MaConnect.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup
Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program
Files\Internet Explorer\ckweqosd.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/
sw.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) -
ms-its:mhtml:file://C:\ss.MHT! http://toolbar.isearch.com/install/00001/chm.chm::/files/in
itial.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBu
gTransporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.inf o.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK
Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com
Operating System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/en- us/4,0,0,74/mcinsctl.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX
Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTele
X.cab
O16 - DPF: {67925165-C4B6-11D2-B9C6-0000E84F59A6} (BDESmartInstaller
Class) - http://www.mtv.com/onair/all_access_2001/bde/common/bdeinst
a/bdeinsta.cab
O16 - DPF: {8721F16D-CBF8-4CE5-B924-18D64E12E77E} (BDEInstallMan3
Class) - http://www.brilliantdigital.com/install/bdeinstallman4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient. cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher
Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) -
https://www.stopzilla.com/_download/Auto_Installer/dwnldr. cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
http://www.live365.com/players/play365.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/too lbar/yiebiof5_3_16_0.cab
O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} -
http://216.129.173.30/xxxnaughty/activeinstaller.dll
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) -
http://www.2020search.com/toolbar/2020Search.cab
O19 - User stylesheet: C:\WINDOWS\sstyle.css
O19 - User stylesheet: C:\WINDOWS\sstyle.css (HKLM)
.
Click to expand...
 
C

Cory

Hi Jamie:

First off, Search this page for "isearch". Simply Hold CTRL on your
Keyboard, press F and the Find box will pop up. enter isearch and
find. In your report, when you find isearch and click find next when
you locate all the isearch entries (there are quite a few here), go to
hijackthis! and check the same lines and fix. That should take care
of the toolbar.

Looks like you have Kazaa installed with all of it's Spyware and
Adware glory. Download Kazaa Lite ++. you can get it @
http://www.oldversion.com

Version 2.4.3 is the newest on this site. no spyware and that
participation BS is gone as well. Anything Brilliant Digital, delete
that as well.

Hope this helps


hi im jamie n i despertly need help with my hijackthis file because i
have no clue as to what i need to do to get rid of that stupid
isearch. well here it is please help me if you can...

Logfile of HijackThis v1.97.7
Scan saved at 12:30:15 PM, on 4/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EarthLink 5.0\conmgr.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\Program Files\RapidBlaster\rb32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jamie\Local Settings\Temp\Temporary
Directory 1 for hijackthis.zip\HijackThis.exe
C:\Documents and Settings\Jamie\My Documents\My Received
Files\ToolbarCop.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://K31470.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.thebestse.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.thebestse.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.thebestse.com/search.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.thebestse.com/search.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://nkvd.us/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
http://nkvd.us/
R3 - URLSearchHook: iSearch Toolbar -
{1C78AB3F-A857-482e-80C0-3A1E5238A565} -
C:\WINDOWS\System32\toolbar.dll
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} -
C:\WINDOWS\System32\toolbar.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} -
c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no
file)
O2 - BHO: OsbornTech Popup Blocker -
{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} -
C:\WINDOWS\System32\mshelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565}
- C:\WINDOWS\System32\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program
Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program
Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program
Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common
Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [RapidBlaster] C:\Program
Files\RapidBlaster\rb32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink
5.0\conmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program
Files\Winamp3\\winampa.exe"
O4 - HKLM\..\Run: [STOPzillaInstall] C:\Documents and
Settings\Jamie\Local Settings\Temporary Internet
Files\Content.IE5\AX81MX85\SZSetup[1].exe
product_install=SZProBase.msi sz_install=finish
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All
Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\systeminit.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program
Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL
Companion\companion.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date
Manager\DateManager.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common
Files\GMT\GMT.exe
O4 - Global Startup: sytem32.exe
O8 - Extra context menu item: &iSearch The Web -
res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O13 - DefaultPrefix: http://www.nkvd.us/
O13 - WWW Prefix: http://www.nkvd.us/
O13 - Home Prefix: http://www.nkvd.us/
O13 - Mosaic Prefix: http://www.nkvd.us/
O16 - DPF: Yahoo! Chess -
http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) -
http://download.online-dialer.com/MaConnect.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup
Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program
Files\Internet Explorer\ckweqosd.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) -
ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00001/chm.chm::/files/initial.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK
Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com
Operating System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX
Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {67925165-C4B6-11D2-B9C6-0000E84F59A6} (BDESmartInstaller
Class) - http://www.mtv.com/onair/all_access_2001/bde/common/bdeinsta/bdeinsta.cab
O16 - DPF: {8721F16D-CBF8-4CE5-B924-18D64E12E77E} (BDEInstallMan3
Class) - http://www.brilliantdigital.com/install/bdeinstallman4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher
Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) -
https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
http://www.live365.com/players/play365.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebiof5_3_16_0.cab
O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} -
http://216.129.173.30/xxxnaughty/activeinstaller.dll
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) -
http://www.2020search.com/toolbar/2020Search.cab
O19 - User stylesheet: C:\WINDOWS\sstyle.css
O19 - User stylesheet: C:\WINDOWS\sstyle.css (HKLM)
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Spyware I cannot remove! 6
Can anyone please help with this? 6
Winsock.scr please help 3
REGEDIT, MSONFIG, TASK MAMAGER won't open 3
slow opening folders 1
.dll error - making us crazy 1
My PC slows to a crawl and mouse does its own thing !! 3
Numerous Virus Problems 10

Top